带有axios的机架式芯棒,不允许传递凭据

时间:2019-03-28 21:11:30

标签: ruby-on-rails axios rack rack-cors

我一直在尝试使机架式心轴和axios与设置withCredentials: true一起使用。我尝试了通配符来源以及开发来源app.lvh.me:3000。我正在尝试在子域api.lvh.me:3000上访问API。我觉得我因盯着问题太久而忽略了某些事情。它可以在Safari中正常运行,但不能在Chrome中运行。任何想法如何解决这一问题?这是rack-cors配置:

config.middleware.insert_before 0, Rack::Cors, debug: true, logger: proc { Rails.logger } do
  allow do
    origins '*'
    resource '*', headers: :any, methods: [:get, :post, :put, :patch, :delete, :options, :head], expose: ['Content-Type', 'X-Alternative-Payment-Required'], credentials: true
  end
end

Axios客户端:

this.client = axios.create({
  baseURL: process.env.API_ROOT_URL,
  timeout: process.env.NODE_ENV === 'development' ? 0 : 35000,
  withCredentials: true,
  headers: {
    Accept: 'application/json',
    'Content-Type': 'application/json',
  },
});

请求详细信息:

General:
Request URL: http://api.lvh.me:3000/v1/users/105/notifications
Request Method: GET
Status Code: 401 Unauthorized
Remote Address: 127.0.0.1:3000
Referrer Policy: strict-origin-when-cross-origin

Response Headers:
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS, HEAD
Access-Control-Allow-Origin: http://app.lvh.me:3000
Access-Control-Expose-Headers: Content-Type, X-Alternative-Payment-Required
Access-Control-Max-Age: 1728000
Cache-Control: no-cache
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Vary: Origin
WWW-Authenticate: Bearer realm=Application
X-Rack-CORS: hit
X-Request-Id: 484a55cc-e4b8-49d3-b2fd-0e4ed7c7d0a6
X-Runtime: 0.268253

Request Headers:
Accept: application/json
Origin: http://app.lvh.me:3000
Referer: http://app.lvh.me:3000/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36

0 个答案:

没有答案